Hello --

Thank-you for your e-mail. I corrected the syntax in the file, and I have confirmed the permissions are correct:

-rw-------. 1 root root 266 Jun 23 08:45 sssd.conf

Unfortunately, the error condition and messages listed in my initial e-mail are still present.

From: l at avc.su [mailto:l at avc.su]
Sent: Thursday, June 23, 2016 8:34 AM
To: CentOS mailing list; Kaplan, Andrew H.
Subject: Re: [CentOS] sssd.conf file missing

Hello Andrew.

The sssd.conf should be owned by root:root, mode 0600.

Also please note this line in your config:

[<domain>.org]
enumate = true

it's enumerate, not enumate.

23.06.2016, 15:24, "Kaplan, Andrew H." <ahkaplan at partners.org>:

Hello --

We are running CentOS 7.2 on a virtual machine, and we are trying to set up LDAP authentication. The ldap packages that are currently installed on the system are the following:

python-sss 1.13.0-40.el7_2.4
python-sssdconfig 1.13.0-40.el7_2.4
sssd 1.13.0-40.el7_2.4
sssd-ad 1.13.0-40.el7_2.4
sssd-client 1.13.0-40.el7_2.4
sssd-common 1.13.0-40.el7_2.4
sssd-common-pac 1.13.0-40.el7_2.4
sssd-dbus 1.13.0-40.el7_2.4
sssd-ipa 1.13.0-40.el7_2.4
sssd-krb5 1.13.0-40.el7_2.4
sssd-krb5-common 1.13.0-40.el7_2.4
sssd-ldap 1.13.0-40.el7_2.4
sssd-libwbclient 1.13.0-40.el7_2.4
sssd-libwbclient-devel 1.13.0-40.el7_2.4
sssd-proxy 1.13.0-40.el7_2.4
sssd-tools 1.13.0-40.el7_2.4

I ran the following commands to set up LDAP/AD authentication:

# ln -s /bin/bash /bin/PHSshell
# ln -s /home /PHShome
# authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
# chkconfig sssd on
# service sssd restart

Initially, I ran into problems because I had not created an sssd.conf file. Eventually I did create one, and its contents are the following:

[<domain>.org]
enumate = true
cache_credentials = TRUE

id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

ldap_uri = ldap://ldap.<domain>.org
ldap_search_base = dc=<domain>,dc=org
tls_reqcert = demand
ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt

If there are any additions or corrections that I need to make, please let me know.

I reran the service sssd restart command, and the error message that I am seeing via journalctl -xe is the following:

Unit sssd.service has begun starting up.
Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't load the configuration database [5]: Input/output error.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service: control process exited, code=exited status=4
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System Security Services Daemon.
-- Subject: Unit sssd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sssd.service has failed.
--
-- The result is failed.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Unit sssd.service entered failed state.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service failed.
Jun 22 16:05:34 roadtest2.partners.org polkitd[787]: Unregistered Authentication Agent for unix-process:6369:52587318 (system bus name :1.2287, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Any ideas?

The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.

_______________________________________________
CentOS mailing list
CentOS at centos.org
https://lists.centos.org/mailman/listinfo/centos

OK, let's dig further.

Does your sssd.conf have [sssd] section? Something like

[sssd]
debug_level = 4
config_file_version = 2
domains = your-domain-name-here

If it's not there, add it and modify the [your-domain-name-here] section so it'll look like this:

[domain/your-domain-name-here]

23.06.2016, 15:51, "Kaplan, Andrew H." <ahkaplan at partners.org>:
> Hello --
>
> Thank-you for your e-mail. I corrected the syntax in the file, and I have confirmed the permissions are correct:
>
> -rw-------. 1 root root 266 Jun 23 08:45 sssd.conf
>
> Unfortunately, the error condition and messages listed in my initial e-mail are still present.

Hello --

I made the suggested changes to the sssd.conf file, and the results are the same. Just to make sure my syntax is correct:

The following section was added to the end of the file:

[sssd]
debug_level = 4
config_file_version = 2
domains = company/company.org

-----Original Message-----
From: l at avc.su [mailto:l at avc.su]
Sent: Thursday, June 23, 2016 9:08 AM
To: Kaplan, Andrew H.; CentOS mailing list
Subject: Re: [CentOS] sssd.conf file missing

OK, lets dig further.

Does your sssd.conf have [sssd] section? Something like

[sssd]
debug_level = 4
config_file_version = 2
domains = your-domain-name-here

If it's not there, add it and modify the [your-domain-name-here] section so it'll look like this:

[domain/your-domain-name-here]
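
The checks raised across this thread (root:root ownership with mode 0600, misspelled option names, lines without `=`, a `[sssd]` section whose `domains` entries each have a matching `[domain/NAME]` section) can be run as one lint pass. The script below is an added example, not code from the thread participants or the SSSD project; the function names, the `KNOWN` option subset and the `example.org` sample are assumptions made for illustration.

```python
import difflib, os, re, stat

# Assumed subset of option names from sssd.conf(5)/sssd-ldap(5), not the full list.
KNOWN = {"enumerate", "cache_credentials", "id_provider", "auth_provider",
         "chpass_provider", "ldap_uri", "ldap_search_base", "ldap_tls_reqcert",
         "ldap_tls_cacert", "debug_level", "config_file_version", "domains"}
SERVICES = {"sssd", "nss", "pam", "sudo", "autofs", "ssh", "pac", "ifp"}

def lint_sssd_conf(text):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings, sections, domains, section = [], set(), [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1)
            sections.add(section)
            if section not in SERVICES and not section.startswith("domain/"):
                findings.append((n, f"[{section}]: domain sections are [domain/NAME]"))
        elif "=" not in line:
            findings.append((n, f"missing '=': {line}"))
        else:
            key, value = (p.strip() for p in line.split("=", 1))
            guess = difflib.get_close_matches(key, KNOWN, n=1, cutoff=0.8)
            if key not in KNOWN and guess:
                findings.append((n, f"'{key}' unknown; did you mean '{guess[0]}'?"))
            if section == "sssd" and key == "domains":
                domains = [d.strip() for d in value.split(",") if d.strip()]
    if "sssd" not in sections:
        findings.append((0, "no [sssd] section"))
    for d in domains:
        if f"domain/{d}" not in sections:
            findings.append((0, f"domains lists '{d}' but [domain/{d}] is missing"))
    return findings

def check_file_security(path):
    """The thread's first check: owned by root:root, mode 0600."""
    st = os.stat(path)
    return (st.st_uid, st.st_gid) == (0, 0) and stat.S_IMODE(st.st_mode) == 0o600

# Constructed sample modelled on the config in the thread; example.org is a placeholder.
BROKEN = ("[example.org]\nenumate = true\nid_provider = ldap\ntls_reqcert = demand\n"
          "ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt\n")

if __name__ == "__main__":
    for lineno, msg in lint_sssd_conf(BROKEN):
        print(lineno, msg)
```

Because `KNOWN` is only a subset, the spelling check reports an option only when it closely resembles a listed name; an empty result means the file passes these checks, not that SSSD will accept it.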